Rapid7 Blog

Revisiting the Past with Logentries and Syslog


When I was younger I was always amazed by my grandfather. He would regale me with stories about how, when he was growing up, not only did he not have a car or television, but he had to walk uphill “both ways” to get to school – without shoes! And here I am today more or less saying the same thing about the late 70’s and early 80’s, when the client-server changeover occurred and we all had servers sitting in our closets. Setting up syslog back in the day usually involved a large amount of disk space and a fair amount of time.

Fast forward to today, and the log management and analytics tools we now have available eliminate the age-old headaches of setting up syslog in your environment. Logentries handles the disk space for you, and by following our simple rsyslog instructions you will be up and running in a few minutes. However, many of the pains found 30 years ago are still present in the standard itself.

One of the most persistent issues with syslog has always been the lack of security. Rsyslog “sorta” fixed this – for OS-level logging, anyway. But most routers and firewalls continue to send their data unencrypted. Add to that the fact that most routers and firewalls can’t send syslog data on any port other than the default, and it becomes rather difficult to send syslog consistently across all your systems and hardware. The other nagging issue with syslog has been reliability: there was no way to guarantee that 100% of syslog data would reach its intended destination.

But it works. Even with all its imperfections and blemishes, syslog and its variants still account for the majority of logging traffic on our networks and the Internet. It’s simple and easy to forward syslog data from your servers to Logentries, and we’ve added some functionality to make up for its shortcomings.

Enter the DataHub. Logentries recently released a new component called the DataHub that acts as a syslog proxy for your systems and hardware. The DataHub accepts both syslog and Logentries agent traffic and forwards that information over a secure channel to Logentries. It can also spin up a listener on any port – which is super handy for those firewalls and routers that don’t allow you to send traffic to an arbitrary port. The DataHub also offers the capability to log to local storage or directly to your AWS S3 bucket.
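The relay pattern described above can be illustrated with a plain rsyslog configuration. This is an added example, not Logentries' or the DataHub's own configuration: it accepts plaintext UDP on the default port 514 from devices that cannot encrypt or change ports, then forwards everything over TLS with a disk-assisted queue so events are retried rather than dropped. The collector hostname, port and certificate path are placeholders.

```conf
# Illustrative rsyslog relay (assumed example, not DataHub's configuration).
# LAN devices that can only speak plaintext UDP/514 send to this host;
# the relay forwards to a central collector over TLS.

# --- Listener for legacy devices (unencrypted by necessity, LAN-only) ---
module(load="imudp")
input(type="imudp" port="514")

# --- Trust anchor for the upstream TLS connection (placeholder path) ---
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
)

# --- Secure, reliable forwarding (placeholder collector name and port) ---
action(
  type="omfwd"
  target="collector.example.com"
  port="6514"
  protocol="tcp"
  StreamDriver="gtls"
  StreamDriverMode="1"                  # 1 = TLS only, never fall back to plaintext
  StreamDriverAuthMode="x509/name"      # verify the collector's certificate and name
  StreamDriverPermittedPeers="collector.example.com"
  queue.type="LinkedList"               # buffer in memory when the link is slow...
  queue.filename="relay_fwd_q"          # ...and spill to disk under sustained load
  queue.saveOnShutdown="on"             # persist unsent events across restarts
  action.resumeRetryCount="-1"          # retry indefinitely instead of discarding
)
```

Restricting the UDP listener to the management network (host firewall or a bound address) keeps the one unencrypted hop off any untrusted segment.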

Out of the box, Logentries can be a cloud-based syslog server for you to send your log data to. But with the added features and functionality of the DataHub, your syslog infrastructure becomes secure and easily scalable in a matter of minutes.